[Dovecot] Permissions in shared folders
Lukas Haase
lukashaase at gmx.at
Tue Feb 8 12:33:03 EET 2011
Hi,
On my mail server I want to implement shared folders for each workgroup
where there are many workgroups.
One way would be to create a separate namespace for each workgroup.
However, this does not scale well so I decided to use a single Shared
mailbox and use ACLs:
namespace public {
  separator = .
  prefix = Shared.
  location = maildir:/var/mail/shared:CONTROL=~/Maildir/shared
}
Each workgroup should get a subfolder in "Shared". Until now, this
works: I create .Group1, .Group2 and assign the correct group permissions
and ACL files.
However, now a user from group1 wants to create a subfolder in his IMAP
folder. Since the permissions for /var/mail/shared/.Group1 are correct
(writeable by group1, the user is a member of group1, and 'k' ACL
permissions are active), I would expect it to work.
However, for obvious reasons, the *sub*folder is created as
/var/mail/shared/.Group1.Subfolder
so it is actually not a subfolder in the sense of the filesystem but rather
a folder inside /var/mail/shared.
However, the user does (and should) not have write permissions to
/var/mail/shared (only to /var/mail/shared/.Group1).
Is there a way to overcome this problem? Why can't Dovecot just use
/var/mail/shared/.Group1/.Subfolder? Is there an option to do so? It
would make everything a lot easier.
One option is to make /var/mail/shared world-writeable - which is
not really a good option.
A second option might be to use ACLs and give each group write
permissions to /var/mail/shared. However, not even this seems very
"clean" to me.
What is the best way to handle this?
Best regards,
Luke
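The situation described in the message above, as an added example that is not part of the original post and is not Dovecot code: it maps an IMAP mailbox name to its flat Maildir++ directory and reports which directory's write bit decides whether the folder can be created. The function names are hypothetical, the directory tree and user are constructed, and only classic mode bits are evaluated (no POSIX ACLs, no Dovecot ACL files).

```python
import os
import tempfile

def maildirpp_dir(root, prefix, sep, mailbox):
    """Map an IMAP mailbox name to its Maildir++ directory under root."""
    if not mailbox.startswith(prefix):
        raise ValueError("mailbox is outside the namespace prefix")
    parts = mailbox[len(prefix):].split(sep)
    if not all(parts) or any("/" in p or "." in p for p in parts):
        raise ValueError("invalid mailbox name")
    # Maildir++ encodes the hierarchy in the directory name, not by nesting.
    return os.path.join(root, "." + ".".join(parts))

def can_create_in(directory, uid, gids):
    """True if (uid, gids) may add an entry, judged by classic mode bits only
    (POSIX ACLs and root's override are deliberately ignored)."""
    st = os.stat(directory)
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & 0o3) == 0o3  # write + search

def creation_check(root, prefix, sep, mailbox, uid, gids):
    """Return (new directory, directory that must be writable, allowed?)."""
    target = maildirpp_dir(root, prefix, sep, mailbox)
    parent = os.path.dirname(target)  # always the namespace root
    return target, parent, can_create_in(parent, uid, gids)

def demo():
    """Constructed tree: root 0755, .Group1 0770, user is only a group member."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "shared")
        group_dir = os.path.join(root, ".Group1")
        os.makedirs(group_dir)
        os.chmod(root, 0o755)
        os.chmod(group_dir, 0o770)
        uid, gids = os.getuid() + 1, {os.stat(group_dir).st_gid}  # hypothetical user
        target, parent, ok = creation_check(
            root, "Shared.", ".", "Shared.Group1.Subfolder", uid, gids)
        return (os.path.relpath(target, root), os.path.relpath(parent, root),
                ok, can_create_in(group_dir, uid, gids))

if __name__ == "__main__":
    print(demo())
```

The last two values show the mismatch: the group member could write inside .Group1, but the new mailbox directory is a sibling of .Group1, so the namespace root's permissions decide.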